mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 22:08:16 -05:00
gnu: connman: Update to 1.40.
* gnu/packages/connman.scm (connman): Update to 1.40. [source]: Remove upstreamed patch. [inputs]: Add lz4, rather than propagate it from openconnect. * gnu/packages/patches/connman-CVE-2021-33833.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
parent
7f86f42671
commit
bf9dc75682
3 changed files with 4 additions and 78 deletions
|
@ -924,7 +924,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/collectd-5.11.0-noinstallvar.patch \
|
||||
%D%/packages/patches/combinatorial-blas-awpm.patch \
|
||||
%D%/packages/patches/combinatorial-blas-io-fix.patch \
|
||||
%D%/packages/patches/connman-CVE-2021-33833.patch \
|
||||
%D%/packages/patches/coreutils-ls.patch \
|
||||
%D%/packages/patches/cpufrequtils-fix-aclocal.patch \
|
||||
%D%/packages/patches/crawl-upgrade-saves.patch \
|
||||
|
|
|
@ -28,6 +28,7 @@ (define-module (gnu packages connman)
|
|||
#:use-module (guix utils)
|
||||
#:use-module (gnu packages)
|
||||
#:use-module (gnu packages admin)
|
||||
#:use-module (gnu packages compression)
|
||||
#:use-module (gnu packages enlightenment)
|
||||
#:use-module (gnu packages glib)
|
||||
#:use-module (gnu packages linux)
|
||||
|
@ -44,15 +45,14 @@ (define-module (gnu packages connman)
|
|||
(define-public connman
|
||||
(package
|
||||
(name "connman")
|
||||
(version "1.39")
|
||||
(version "1.40")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://kernel.org/linux/network/connman/"
|
||||
"connman-" version ".tar.xz"))
|
||||
(patches (search-patches "connman-CVE-2021-33833.patch"))
|
||||
(sha256
|
||||
(base32 "1wqs307vjphhh73qbqk25zxhhqwn1mdk6bpzl5qcd4blkcbafqlz"))))
|
||||
(base32 "04nbxpaxykncp65fyh4lk778vn9145fbxhxa8hbkmailw9yawmqs"))))
|
||||
(build-system gnu-build-system)
|
||||
(arguments
|
||||
`(#:configure-flags
|
||||
|
@ -76,6 +76,7 @@ (define-public connman
|
|||
("gnutls" ,gnutls)
|
||||
("iptables" ,iptables)
|
||||
("libmnl" ,libmnl)
|
||||
("lz4" ,lz4) ; required by openconnect.pc
|
||||
("readline" ,readline)
|
||||
;; These inputs are needed for connman to include the interface to
|
||||
;; these technologies so IF they are installed they can be used.
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
Fix CVE-2021-33833:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33833
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
|
||||
|
||||
From eceb2e8d2341c041df55a5e2f047d9a8c491463c Mon Sep 17 00:00:00 2001
|
||||
From: Valery Kashcheev <v.kascheev@omp.ru>
|
||||
Date: Mon, 7 Jun 2021 18:58:24 +0200
|
||||
Subject: [PATCH] dnsproxy: Check the length of buffers before memcpy
|
||||
|
||||
Fix using a stack-based buffer overflow attack by checking the length of
|
||||
the ptr and uptr buffers.
|
||||
|
||||
Fix debug message output.
|
||||
|
||||
Fixes: CVE-2021-33833
|
||||
---
|
||||
src/dnsproxy.c | 20 +++++++++++---------
|
||||
1 file changed, 11 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/dnsproxy.c b/src/dnsproxy.c
|
||||
index de52df5a..38dbdd71 100644
|
||||
--- a/src/dnsproxy.c
|
||||
+++ b/src/dnsproxy.c
|
||||
@@ -1788,17 +1788,15 @@ static char *uncompress(int16_t field_count, char *start, char *end,
|
||||
* tmp buffer.
|
||||
*/
|
||||
|
||||
- debug("pos %d ulen %d left %d name %s", pos, ulen,
|
||||
- (int)(uncomp_len - (uptr - uncompressed)), uptr);
|
||||
-
|
||||
- ulen = strlen(name);
|
||||
- if ((uptr + ulen + 1) > uncomp_end) {
|
||||
+ ulen = strlen(name) + 1;
|
||||
+ if ((uptr + ulen) > uncomp_end)
|
||||
goto out;
|
||||
- }
|
||||
- strncpy(uptr, name, uncomp_len - (uptr - uncompressed));
|
||||
+ strncpy(uptr, name, ulen);
|
||||
+
|
||||
+ debug("pos %d ulen %d left %d name %s", pos, ulen,
|
||||
+ (int)(uncomp_end - (uptr + ulen)), uptr);
|
||||
|
||||
uptr += ulen;
|
||||
- *uptr++ = '\0';
|
||||
|
||||
ptr += pos;
|
||||
|
||||
@@ -1841,7 +1839,7 @@ static char *uncompress(int16_t field_count, char *start, char *end,
|
||||
} else if (dns_type == ns_t_a || dns_type == ns_t_aaaa) {
|
||||
dlen = uptr[-2] << 8 | uptr[-1];
|
||||
|
||||
- if (ptr + dlen > end) {
|
||||
+ if ((ptr + dlen) > end || (uptr + dlen) > uncomp_end) {
|
||||
debug("data len %d too long", dlen);
|
||||
goto out;
|
||||
}
|
||||
@@ -1880,6 +1878,10 @@ static char *uncompress(int16_t field_count, char *start, char *end,
|
||||
* refresh interval, retry interval, expiration
|
||||
* limit and minimum ttl). They are 20 bytes long.
|
||||
*/
|
||||
+ if ((uptr + 20) > uncomp_end || (ptr + 20) > end) {
|
||||
+ debug("soa record too long");
|
||||
+ goto out;
|
||||
+ }
|
||||
memcpy(uptr, ptr, 20);
|
||||
uptr += 20;
|
||||
ptr += 20;
|
||||
--
|
||||
2.32.0
|
||||
|
Loading…
Reference in a new issue